Paris, France Oct. 25, 2016 – The lead architect of both a comprehensive report that demystifies online threats for the general public and an important Canadian law that has appreciably reduced spam has received the M3AAWG 2016 JD Falk Award for his contributions to a safer online world. André Leduc was recognized for spearheading the global Operation Safety-Net best practices report and for his role in developing the Canadian Anti-spam Legislation that requires marketers to obtain users' permission before sending commercial email.

The award was announced Oct. 25 during the four-day M3AAWG 38th General Meeting in Paris. The Messaging, Malware and Mobile Anti-Abuse Working group presents the award annually to recognize an "unsung hero" working behind the scenes to protect the internet and end-users.

"Both of these accomplishments have been widely embraced by the anti-abuse community as valuable tools in fighting spam and other cybercrime. Operation Safety-Net makes cybersecurity accessible to mainstream, non-technical users by cutting through the complicated techno-jargon about keeping our devices safe, and the anti-spam law known as CASL has dramatically reduced junk mail in Canada and beyond. Neither of these projects would have come to fruition without Andre's meticulous attention to detail, his dedicated effort that went well beyond expectations, and his persistent leadership," said Michael Adkins, M3AAWG Chairman of the Board.

Leduc is the acting director of business, intelligence and analysis, and digital security policy, at the Canadian Department of Innovation, Science and Economic Development. He also served as a voluntary secretariat co-lead for the London Action Plan/Unsolicited Communications Enforcement Network and facilitated the cooperative work between M3AAWG and LAP/UCENet that resulted in the jointly published report. A video with Leduc explaining the motivation behind these two projects is available on the M3AAWG YouTube channel at www.youtube.com/maawg.

Operation Safety Net for Business, Government and End-Users

Operation Safety Net – Best Practices to Address Online, Mobile, and Telephony Threats is a 76-page report written by security experts from around the world that describes current cyber issues facing business, government and end-users with the proven techniques to protect against them. Leduc spearheaded the project, which was originally requested by the Organisation for Economic Co-operation and Development, and compiled the submitted material into a coherent report.

Leduc said, "Translating our technical and engineering way of talking into plain language was probably the most important part of this work. We wanted to create a report that a security officer or an engineer could give to colleagues and management to help them understand cyber attacks and why their organizations might be targeted. We also wanted to make it easy for government policy makers in both the developed and developing countries, where they may not have much technical experience, to take action."

The original report was published in 2012 then updated in 2015. The latest version covers malware and botnets; phishing and social engineering; internet protocol and domain name system (DNS) exploits; and mobile, voice over IP (VOIP) and telephony threats. Originally published in English, it has been translated into French and Spanish, reaching much of the world's population. The report is available in these languages at www.m3aawg.org under Best Practices.

CASL Effective Beyond Canada

Leduc also was the lead architect developing the policy and legal frameworks for the Canadian Anti-spam Legislation that set a new standard for sending marketing messages when it went into effect in 2014. The law applies to commercial or promotional information sent through email, SMS, instant messaging or social media. It also covers software installations and mobile apps.

CASL requires marketers to obtain a user's permission to receive a commercial message before it is sent, a process known as "opt-in" that is more effective in fighting abuse and spam. For example, under the law, users need to voluntarily sign up for a mailing list or have an existing business relationship with an organization before marketers can send them related emails. Since CASL applies to all messages sent to users in Canada, including those originating from other countries, it has encouraged the voluntary adoption of opt-in practices internationally.

"The volume of spam on Canadian networks has decreased by more than a third since CASL went into effect. We have also seen a high level of compliance from senders in the countries to our south, throughout Europe, and even in Asia. Many international senders are now getting consent prior to sending commercial electronic messages to our users," Leduc said.

Leduc began work on establishing the concepts and language for CASL in 2009. He has specialized in cybersecurity since 2004 when he led OECD ecommerce business working groups and then became part of an expert subgroup on high-tech crimes in 2004. He has represented Industry Canada (now Innovation Science and Economic Development Canada) at the OECD, the G7 and G8 summits, and the Wassenaar Arrangement.

The M3AAWG 38th General Meeting is the organization's annual European meeting and has brought together more than 350 security experts from 30 countries. The working meeting features more than 50 sessions with network operators, social networking companies, hosting and cloud services providers, email service providers, academic researchers and public policy advisors sharing information on the latest cyber threats. The next meeting will be February 20-23, 2017 in San Francisco.

About the Messaging, Malware and Mobile Anti-Abuse Working Group (M3AAWG)

The Messaging, Malware and Mobile Anti-Abuse Working Group (M3AAWG) is where the industry comes together to work against bots, malware, spam, viruses, denial-of-service attacks and other online exploitation. M3AAWG (www.M3AAWG.org) members represent more than one billion mailboxes from some of the largest network operators worldwide. It leverages the depth and experience of its global membership to tackle abuse on existing networks and new emerging services through technology, collaboration and public policy. It also works to educate global policy makers on the technical and operational issues related to online abuse and messaging. Headquartered in San Francisco, Calif., M3AAWG is driven by market needs and supported by major network operators and messaging providers.